diff --git a/.github/workflows/release-windows-store.yml b/.github/workflows/release-windows-store.yml
index c4753b5ff0..97b4398b36 100644
--- a/.github/workflows/release-windows-store.yml
+++ b/.github/workflows/release-windows-store.yml
@@ -2,6 +2,10 @@ name: Release (Windows Store)
 
 on:
   workflow_call:
+    inputs:
+      version:
+        required: true
+        type: string
 
 jobs:
   windows-store:
@@ -174,11 +178,15 @@ jobs:
         makeappx build /v /f PackagingLayout.xml /op output\ /bv %OTTD_VERSION% /pv %OTTD_VERSION% /ca
         SignTool sign /fd sha256 /a /f cert.pfx /p password "output\OpenTTD.appxbundle"
 
-    - name: Store appx
+        REM Move resulting files to bundles folder
+        mkdir bundles
+        mkdir bundles\internal
+        move cert.pfx bundles\internal\openttd-${{ inputs.version }}-windows-store.pfx
+        move output\OpenTTD.appxbundle bundles\internal\openttd-${{ inputs.version }}-windows-store.appxbundle
+
+    - name: Store bundles
       uses: actions/upload-artifact@v3
       with:
         name: openttd-windows-store
-        path: |
-          builds/output/OpenTTD.appxbundle
-          builds/cert.pfx
+        path: builds/bundles
         retention-days: 5
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9526334456..5dea7c9f40 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -66,6 +66,9 @@ jobs:
     uses: ./.github/workflows/release-windows-store.yml
     secrets: inherit
 
+    with:
+      version: ${{ needs.source.outputs.version }}
+
   upload-aws:
     name: Upload (AWS)
     needs:
@@ -74,6 +77,11 @@ jobs:
     - linux
     - macos
     - windows
+    - windows-store
+
+    # As windows-store is condition, we need to check ourselves if we need to run.
+    # The always() makes sure the rest is always evaluated.
+    if: always() && needs.source.result == 'success' && needs.docs.result == 'success' && needs.linux.result == 'success' && needs.macos.result == 'success' && needs.windows.result == 'success' && (needs.windows-store.result == 'success' || needs.windows-store.result == 'skipped')
 
     uses: ./.github/workflows/upload-aws.yml
     secrets: inherit
diff --git a/.github/workflows/upload-aws.yml b/.github/workflows/upload-aws.yml
index 1840a4341e..72319ad5ab 100644
--- a/.github/workflows/upload-aws.yml
+++ b/.github/workflows/upload-aws.yml
@@ -28,9 +28,9 @@ jobs:
         echo "::group::Move bundles to a single folder"
         mkdir bundles
         mv openttd-*/* bundles/
-        cd bundles
-        echo "::group::Build"
+        echo "::endgroup::"
 
+        cd bundles
         for i in $(ls openttd-*); do
           echo "::group::Calculating checksums for ${i}"
           openssl dgst -r -md5 -hex $i > $i.md5sum
@@ -39,6 +39,21 @@ jobs:
           echo "::endgroup::"
         done
 
+        # Some targets generate files that are meant for our-eyes-only.
+        # They are stored in the "internal" folder, and contains bundles
+        # for targets like Windows Store. No user has a benefit of knowing
+        # they exist, hence: internal.
+        if [ -e internal ]; then
+          cd internal
+          for i in $(ls openttd-*); do
+            echo "::group::Calculating checksums for ${i}"
+            openssl dgst -r -md5 -hex $i > $i.md5sum
+            openssl dgst -r -sha1 -hex $i > $i.sha1sum
+            openssl dgst -r -sha256 -hex $i > $i.sha256sum
+            echo "::endgroup::"
+          done
+        fi
+
     - name: Upload bundles to AWS
       run: |
         aws s3 cp --recursive --only-show-errors bundles/ s3://${{ secrets.CDN_S3_BUCKET }}/${{ inputs.folder }}/${{ inputs.version }}/